It is unclear whether this time it is a compromised server or whether the attacker uses the services of this internet provider as a customer.

Beyond the Network America, Inc. (BTNaccess) is a wholly owned subsidiary of PCCW, and is headquartered in Reston, Virginia and Hong Kong with offices in Los Angeles, New York City, Philadelphia, Houston, London, Moscow, Prague, Kuala Lumpur, Singapore, Shenzhen, Tokyo, Mumbai and New Delhi.

PCCW, a global leader in next generation broadband solutions, is the largest telecommunications provider in Hong Kong. PCCW is the operator of one of the world’s most advanced broadband networks and has over 700,000 broadband customers and 12,500 employees worldwide. As a global player, PCCW has portrayed innovation within the industry and demonstrated financial stability with 2003 revenues reaching US$2.89 billion.

Wednesday, May 25, 2011

W32.Qakbot aka W32/Pinkslipbot

W32.Qakbot is a worm that has been seen spreading through network shares, removable drives, and infected webpages, and infecting computers since mid-2009. Its primary purpose is to steal online banking account information from compromised computers. The malware controllers use the stolen information to access client accounts within various financial service websites with the intent of moving currency to accounts from which they can withdraw funds. It employs a classic keylogger, but is unique in that it also steals active session authentication tokens and then piggybacks on the existing online banking sessions. It then quickly uses that information for malicious purposes.

Wednesday, May 11, 2011

MAC Defender Fake Antivirus Program

Quote from Intego: Description: Intego has discovered a fake antivirus
program called MAC Defender, which targets Mac users via SEO poisoning
attacks (web sites set up to take advantage of search engine
optimization tricks to get malicious sites to appear at the top of
search results). When a user clicks on certain links after performing
a search on a search engine such as Google, they are sent to a web site
that displays a fake Windows screen with an animated image showing a
malware scan; a window then tells the user that their computer is
infected. After this, JavaScript on the page automatically downloads a
file. The file downloaded is a compressed ZIP archive, which, if a
specific option in a web browser is checked (“Open ‘safe’ files after
downloading” in Safari, for example), will open. The file is
decompressed, and the installer it contains launches presenting a user
with the following screen:

General File Information

Added Mac Protector - May 11, Thanks to anonymous donation

Malware: OSX/MacDefender.A and Mac protector.A

Distribution: Web browsing

Low; in the wild, but not very widespread for now

Malware samples are available for download by any responsible whitehat researcher. By downloading the samples, anyone waives all rights to claim punitive, incidental and consequential damages resulting from mishandling or self-infection.